8 matches found
EUVD-2026-30803
amazon-redshift-python-driver vulnerable to Remote Code Execution via eval Injection...
CVE-2026-8838
Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...
CVE-2026-8838
Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...
PT-2026-41734
Name of the Vulnerable Software and Affected Versions amazon-redshift-python-driver versions prior to 2.1.14 Description Unsafe use of Python's eval function on data received from a server within the vector in function allows a rogue server or man-in-the-middle actor to execute arbitrary code on...
CVE-2025-5279
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...
CVE-2025-5279 Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access...
CVE-2024-12745
Summary: CVE-2024-12745 affects the Amazon Redshift Python Connector (version 2.1.4). The vulnerability is a SQL injection occurring through the metadata APIs get_schemas, get_tables, and get_columns, potentially enabling elevated privileges. Impact and remediation: Upgrade to driver version 2.1....
PT-2024-10194
Name of the Vulnerable Software and Affected Versions Amazon Redshift Python Connector version 2.1.4 Description A SQL injection in the Amazon Redshift Python Connector allows a user to gain escalated privileges via the get schemas, get tables, or get columns Metadata APIs. Recommendations For...